It almost looks like a regression error. I noticed one of my students having the same problem today on OS X. Still working through the issue. There are other related questions (identical?) on SO from last year.
– vgoffOct 3 '13 at 3:38

This is a known bug in obsolete (2.0.*) versions of rubygems. Try to update to latest rubygems version: gem update --system and then re-run gem install.
– Aleksei MatiushkinOct 3 '13 at 4:12

There's any other way to update the certs if you're not using RVM?
– eduardoOct 8 '13 at 9:40

Running rvm rubygems latest resulted in an error complaining about missing checksums. However, things started working without that too... apparently you could force it with --verify-downloads 1 if you needed to. Any ideas why that might be? It tried to retrieve version rubygems-2.1.6
– TimoOct 9 '13 at 7:37

I run that on windows and get path that doesn't even exist on my computer "C:/Users/Luis/Code/openknapsack/knap-build/var/knapsack/software/x86-windows/openssl/1.0.0k/ssl/cert.pem" There is no user named Luis either. What the hell?
– isimmonsJul 7 '14 at 0:33

Make sure to save with the .pem extension, not .pem.txt!
– Dan DascalescuDec 15 '14 at 22:18

3

What if it doesn't work? I did as your answers says, but I still get the error! 1) I got file AddTrustExternalCARoot-2048.pem, 2) I placed the file to C:\Ruby193\lib\ruby\1.9.1\rubygems\ssl_certs, 3) I run gem install susy and get the same error Unable to download data from https://rubygems.org/ - SSL_connect returned=1 errno=0 state=SSLv3 read server certificate B: certificate verify failed
– GreenDec 25 '14 at 12:17

Some notes about the luis lavena link you gave. You might want to install rubygems from a gem file instead of the zip files he mentions. I haven't found a command to install from an unpacked gem or zip file. Gem here - rubygems.org/pages/download. The command is - gem install --local C:\Downloads\rubygems-update-2.4.5.gem
– Borat SagdiyevJan 10 '15 at 0:22

9

the download link is not valid anymore. For those of you who are still facing this problem, refer to Dheerendra's answer for a solution
– Llama.newOct 9 '16 at 12:32

Yeah, it is possible. I think it depends on the way the source was added in the first place. I mean, if the source was added with the trailing /, it also should be removed with the trailing /.
– eduardoNov 12 '13 at 9:59

For Windows Users (and maybe others)

Rubygems.org has a guide that not only explains how to fix this problem, but also why so many people are having it: SSL Certificate Update
The reason for the problem is rubygems.org switched to a more secure SSL certificate (SHA-2 which use 256bit encryption). The rubygems command line tool bundles the reference to the correct certificate. Therefore rubygems itself can’t be updated using an older version of rubygems. Rubygems must first be updated manually.

As per rubygems commit, the certificates are moved to more specific directories. Thus, currently the certificate(AddTrustExternalCARoot-2048.pem) is expected to be on the following path lib/rubygems/ssl_certs/rubygems.org/AddTrustExternalCARoot-2048.pem

Click on security information and import the certificate. The bottom line is your certification chain is outdated and you need to add this new certificate. Remember that this is not a security violation as long as you can validate the certificate as trusted.

Make sure your system clock is correct

This exact error happened to me today on an Ubuntu virtual machine running on VirtualBox. I tried most of the solutions shown above before I noticed that I had resumed from a very old suspended state, and my clock was off by many days.

Updating the clock immediately fixed my issue. Here's the command I used in my case:

The particular case of RubyGems (the command line tool) is that it requires to bundle inside of its code the trust certificates, which allow RubyGems to establish a connection with the servers even when base operating system is unable to verify the identity of them.

Up until a few months ago, this certificate was provided by one CA, but newer certificate is provided by a different one.

Because of this, existing installations of RubyGems would have to been updated before the switch of the certificate and give enough time for the change to spread (and people to update)

Anyone can find his solution by following the simple steps given in the link below

I had same problem while trying to install cucumber gem. However I noticed that bundler gem already installed with ruby 2.0.
I created a Gemfile.rb in the project folder with required gems and followed this steps

For Illumos / Solaris using OpenCSW pkgutil:

Install CSWcacertificates prior to 'gem install'

pkgutil -yi CSWcacertificates

If you're using a ruby kit that's not from OpenCSW, your ruby version may expect to find the certificate file in another place. In this case, I simply symlinked OpenCSW's /etc/opt/csw/ssl/cert.pem to the expected place.

After installing Ruby 2.2.3 (+ rubygems 2.5.1) successfully on a test machine with access to the internet, I had this SSL error when I installed bundler on a production machine, within the network.

As I had network access limitations, and there was no way to change the settings for SSL access, and based on the error messages, I performed the steps below to be able to finish the installation of the bundler
(this may sound crazy, but it worked...).

Through a machine with unrestricted access to the internet, downloaded the following files:

The following steps need to copy only the certificates from newer windows ruby.
Take the latest ruby (or at least ruby 2.4.0) and do the following:

copy certificates from these directories (adjust to your needs):C:\prg_sdk\rubies\Ruby-2.4\lib\ruby\2.4.0\rubygems\ssl_certs\rubygems.orgC:\prg_sdk\rubies\Ruby-2.4\lib\ruby\2.4.0\rubygems\ssl_certs\index.rubygems.org

to destination (again adjust to what you need):C:\prg_sdk\rubies\Ruby231-p112-x64\lib\ruby\2.3.0\rubygems\ssl_certs

Thank you for your interest in this question.
Because it has attracted low-quality or spam answers that had to be removed, posting an answer now requires 10 reputation on this site (the association bonus does not count).